> > First the pubid must be known to the script/application doing the inline > push. > So there must be some kind of publishing the pubid in a connect hook. > That´s a minor problem but comes with some complexity. > True, but wouldn't the push app need to know the hidden key also?
> The second one is, that the solution is meant to be used with allready > existing > User accounts. So there must be a way of preventing a "bad user" to connect > to a channel with someothers username/nick or otherwise preventing us from > sending him private messages. > So how can we make absolutely sure, that we broadcast to the right user? > As far as I can think, only by using some kind of secret/session key. > Are you talking about both sending a private message and authentication? There already is a sessionid which the user sends to ape to retrieve there own message. As far as I know the sessionid isn't broadcast to other users, but the pubid is. -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
